A seeming problem with Microsoft's Windows activation servers wich caused a number of Windows 10 users to see false messages informing them they were running non-activated software. At the end of the day (U.S. Eastern time) on November 8, some users were reporting these issues were resolved. On November 8, a number of users who had activated and licensed copies of Windows 10 Pro began receiving messages saying they needed to install Windows 10 Home or go back and purchase a "genuine" copy of Windows. This included both Windows Insider testers and those builds released to mainstream users (including some users with the Windows 10 October 2018 update/1809). Some users said they had contacted Microsoft support and were told incorrectly they needed to repurchase licenses or somehow obtain new product keys. (And some people said they did this.) Some users also said they followed the instructions they received in the erroneous messages and rolled back to Windows 10 Home. Meanwhile, Microsoft officials said very little officially about what was happening. In the afternoon (ET) of November 8, after asking Microsoft for an update on the situation, I got the following message from a spokesperson: read more on our Forum

Some Windows 10 users are having problems with their Pro licenses today, as users on the company's Community Forums and Reddit are reporting that their Windows 10 Pro systems are saying they are not activated, and telling users to install Windows 10 Home instead. Most of the reports appear to be coming from users who obtained the Windows 10 license thanks to the free upgrade path Microsoft offered back in 2015, suggesting that the issue is somehow related to it. According to some of the reports, while the system says that users have a Windows 10 Home license, the Microsoft Store link in the settings page blocks them from attempting to buy a Pro license. Microsoft has since acknowledged an ongoing issue with its activation servers, which is causing systems to falsely report this information, commenting that the problem should be fixed within a couple of days. Microsoft also says that the Windows activation troubleshooter may report that you have a Home license, but users are advised to ignore this message and wait for the problem to be resolved on Microsoft's side. Windows should reactivate as normal, assuming your key or digital license was genuine before all this happened. Microsoft has not yet commented officially on any of its Twitter accounts that it has been fixed, despite 27 pages and counting of complaints on its Community forums post. Visit OUR FORUM for further details.

A couple of weeks ago, Microsoft rolled out a cumulative update (KB4462933) for Windows 10 version 1803. The cumulative update was rolled out on October 24 for users who have installed Windows 10 April 2018 Update and it fixed several issues with the OS. The cumulative update came with fixes for BSOD issue which occurred while removing the Bluetooth devices from the computer along with fixing a bug which prevented the launch of Windows Defender Application Guard. The company back then not acknowledged any issues in the cumulative update but Microsoft has quietly updated the support document to confirm two bugs hitting Windows 10. Microsoft says that the cumulative update has broken the Developer Tools in Microsoft Edge. Launching this menu will no longer work on PCs with Windows 10 version 1803. The second issue which Microsoft has acknowledged is a bug that occurs after installing the August Preview of Quality Rollup or September 11, 2018, .NET Framework update. After installation, there will be an exception with the instantiation of SqlConnection. As a temporary workaround, Microsoft has detailed the points to manually resolve the issue. We have the temporary workaround posted on OUR FORUM.

A vulnerability discovered in Icecast streaming media server could be leveraged by an attacker to kill the broadcast of online radio stations that rely on it to reach their audience. The flaw is sufficient to trigger a segmentation fault in the server process - an access violation condition that leads to a crash. A theoretical risk exists for remote code execution. An attacker could achieve this with sufficiently long, specially crafted HTTP headers. Maintained by the Xiph.org Foundation, Icecast supports both audio and video data. Because it is available under a free software license and has support for open standards for communication, Icecast is a popular choice for creating an online radio station. A patch is included in the latest version of the software, whose changelog describes the issue as a buffer overflow that affects Icecast versions 2.4.0, 2.4.1, 2.4.2 or 2.4.3 "if there is a “mount” definition that enables URL authentication. The security bug stems from choosing the 'snprintf' function that redirects the data output to a buffer, over 'sprintf' to avoid buffer overflow issues by truncating the output if the buffer is not sufficiently large. Making this choice is not necessarily a safer bet when a specific condition is met. Nick Rolfe of Semmle Security Research Team says that the 'snprintf' function does not offer protection against buffer overflows "if you provide a size argument that's larger than the actual size of the buffer. "Follow this on OUR FORUM.

I love when products are made in the USA. Don't get me wrong, I am not against things made in other countries. Hell, it is virtually impossible to live in America and not buy foreign goods. If you look at the tags on your clothes, you will almost never see "Made in the USA." But still, I take pride when a product is made here. For instance, so far in my life, I have only ever owned Ford vehicles. With that said, Ford is moving more and more of its labor to Mexico, but I digress. Computers made in America are virtually non-existent, but a little company in Denver had a dream to do just that. System76 has long been looking to make a Linux-powered computer in the USA using open source ideology. A lofty goal, which many folks didn't think would ever be achieved. Well, against all odds, today, System76 proves the haters wrong as it finally unveils its much-anticipated Thelio desktop computer. And boy, oh boy, it is beautiful. "Thelio Systems are designed to be easily expandable, making personalizing the computer a tantalizingly easy process. Slip in drives, add memory, and upgrade graphics cards at will. Additionally, the open hardware design that Thelio is built upon allows the user to easily learn how their computer works and make modifications using this information. Customization is simple to ensure that the computer encompasses people’s needs, as well as their personality," says System76. More details are posted on OUR FORUM.

A new side-channel vulnerability has been discovered called PortSmash that uses a timing attack that to steal information from other processes running in the same CPU core with SMT/hyper-threading enabled. Utilizing this attack, researchers were able to steal the private decryption key from an OpenSSL thread running in the same core as their exploit. SMT/Hyper-threading is when one physical CPU core is split into two virtual logical cores that can be used to run two separate process threads at once. This method can increase performance as the two threads will utilize idle CPU resources more efficiently to execute instructions faster. A side channel timing attack is when an attacker analyzes how fast a thread executes particular instructions and utilizes that information to work backward to discover what data was used as input. The PortSmash vulnerability was discovered by researchers Billy Bob Brumley, Cesar Pereida Garcia, Sohaib ul Hassan, and Nicola Tuveri from the Tampere University of Technology in Finland and Alejandro Cabrera Aldaya from the Universidad Tecnologica de la Habana CUJAE in Cuba. An advisory was made to the OSS-Sec mailing list and their research has been submitted as a paper titled "Port Contention for Fun and Profit" as an IACR eprint, which is currently awaiting moderation before it's released. Learn more on this security update by visiting OUR FORUM.